Monitoring text logs of popular Linux and Unix services
Nobody has time to browse service logs - see how you can use text parsing expressions to track and be alerted about specific events from the text log. To speed up diagnostics, see how you can set up a message description to be added to the alert message.
Please note that this tutorial was tested on CentOS (64-bit) release 6.5 (Final) and Fedora (64-bit) release 18 (Spherical Cow). There may be insignificant differences in other Linux distributions.
Requirements to monitor Linux/Unix services using system/service logs:
- FTP Server
- User with system privileges (i.e. SELinux) and access to the /var/log directory
Create Text Log Expression:
- Click on Monitoring → Text Parsing Expressions → Text Log Expressions → + Add
- Enter Name (e.g. Login failure Linux)
- Select Regular Expression Type
- Provide the following Regular expression: (\w{3}\s{2}\d) (\d{2}:\d{2}:\d{2}) (.*): (.*)$
- Add Date, Time, Info, and Message variables
- Provide the following Test Text into the Test Text field: Jun  3 12:32:29 debian gdm3][3544]: pam_unix(gdm3:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=test
Configure Text Log sensor:
- Click on Network Atlas → Nodes
- Locate the node where the FTP server is installed by entering either the IP Address or the DNS name into the search box
- Right-click on the chosen Node → Node Settings
- Locate the Monitoring Sensors section
- Click on the + Add Monitoring Sensor button and add the Text Log sensor
- Configure the sensor:
- Select SSH Protocol
- Select SFTP File Access Type
- Select the previously created Parsing Expression
- Select desired Instance Key (e.g. Time)
- Provide correct Authentication Profile
- Provide correct file Path (e.g. /var/log/auth.log)
- Select
To create Alert on failed authorization:
- While in the Text Log sensor configuration window, click on + Add Alert → New Alert on Text Log Entry
- Enter Alert Description (e.g. Failed login attempt detected)
- Select the Log entry matching expression option
- Click on the < Add Condition > button
- Set expression: Message contains authentication failure
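The expression and alert condition from this tutorial, checked against sample log lines in Python. This is an added example, not NetCrunch code: it assumes the NetCrunch regex engine treats these constructs the way Python's `re` does, and `WIDER_EXPR`, the function names and the second and third log lines are constructed for illustration. It shows that the expression as written matches only single-digit days (padded with two spaces), so a failure logged on the 10th to the 31st never reaches the alert condition.

```python
import re

# Expression exactly as given in the tutorial.
PAGE_EXPR = re.compile(r"(\w{3}\s{2}\d) (\d{2}:\d{2}:\d{2}) (.*): (.*)$")
# Hypothetical variant (not from the tutorial): also accepts two-digit days.
WIDER_EXPR = re.compile(r"(\w{3}\s+\d{1,2}) (\d{2}:\d{2}:\d{2}) (.*): (.*)$")

# Variable names assigned to the four capture groups in the tutorial.
FIELDS = ("Date", "Time", "Info", "Message")


def parse(line, expr=PAGE_EXPR):
    """Return the four variables as a dict, or None if the line does not match."""
    m = expr.search(line)
    return dict(zip(FIELDS, m.groups())) if m else None


def alerts(line, expr=PAGE_EXPR):
    """Mirror the alert condition: Message contains 'authentication failure'."""
    entry = parse(line, expr)
    return entry is not None and "authentication failure" in entry["Message"]


# Constructed sample lines in the traditional syslog layout.
SAMPLES = [
    # The tutorial's Test Text: single-digit day, padded with two spaces.
    "Jun  3 12:32:29 debian gdm3][3544]: pam_unix(gdm3:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=test",
    # The same kind of event on a two-digit day (one space before the day).
    "Jun 13 12:32:29 debian sshd[4021]: pam_unix(sshd:auth): authentication "
    "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10 user=test",
    # An unrelated entry that must not raise the alert.
    "Jun  3 12:40:01 debian CRON[3601]: pam_unix(cron:session): session "
    "opened for user root by (uid=0)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        # Columns: alert with page expression, alert with wider variant, line start.
        print(alerts(line, PAGE_EXPR), alerts(line, WIDER_EXPR), line[:36])
```

Because `(.*): (.*)$` is greedy, Info runs up to the last ": " in the line, which is why Message begins at "authentication failure" and the contains-condition works.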